Search results

This paper aims to discuss a new tool for requirements gathering in the Web 2.0 era. It seeks to investigate the features that this kind of tool should have in order to be as widely applicable and useful as possible. Further, it aims to explore the extent to which business requirements for enterprise resource planning (ERP) systems can be collected and discussed collaboratively in a worldwide community of business process experts.

The paper is a combination of empirical research, hermeneutics and design research.

The proposed Living Requirements Space (LRS) platform has the potential of becoming an international forum for collecting and discussing business requirements for ERP systems.

The LRS platform will allow ERP developers, ERP systems implementers, and academics to better understand the evolution of business requirements for ERP systems. It will create a knowledge base of ERP business requirements, that is, a repository that guarantees open and unrestricted access to content. It will thus allow for more international ERP systems and far more comprehensive education on and understanding of business processes and ERP systems.

LRS is an open access tool that allows for the gathering of ERP systems requirements in a vendor‐ and project‐independent approach that is unbiased towards any geographic region.

In any information security risk assessment, vulnerabilities are usually identified by information‐gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost‐effectively. This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models.

Business process models have been selected for use, because there is a close relationship between business process objectives and risks. Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company, as well as through a controlled experiment within a survey among security professionals.

Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.

It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.

The main purpose of this paper is to improve a web content management system (WCMS) product line for future implementations by identifying software commonalities in WCMS‐based web applications. WCMS plays a central role in modern web application development: most large public and internal web sites are based on a WCMS foundation. If we can improve the implementation process, the effectiveness and efficiency of web application development will increase significantly.

This research identifies reusable solutions from existing WCMS implementations using problem diagrams and structured goal modeling. From configurations were matched with atomic e‐business models by linking them to the strategic competencies through bottom‐up goal modeling. A designed method was constructed on how requirements can be elicited for WCMS implementations using goal modeling and problem frames.

The resulting method provides insight in relevant e‐business models and their relation to software product lines. Moreover, the approach is applied in a WCMS study which demonstrates its applicability.

The practical implications of this research is twofold: WCMS developers now have a method to improve their product line based on e‐business models; and requirements engineers implementing WCMS can use this model to apply reusable software and prioritize requirements. Both will potentially have a large impact on the effectiveness of implementations since most web applications are developed with WCMS.

The paper presents a novel approach for efficient and effective identification of software commonalities. This research is part of the web engineering method that focuses on development of web applications based on WCMSs.

The purpose of this paper is to describe and analyze the benefits of the application of a requirements engineering framework to assist Enterprise Resource Planning (ERP) development. This framework combines the technology-driven and the process-driven approaches for requirements analysis and implementation. Specific business process modeling methods enhance the framework and assist the formulation of the functional specifications of the ERP system and the management of requirements.

A case study strategy was chosen as the most appropriate method to answer the research question and test the theoretical propositions. The case study’s unit of analysis is a Greek manufacturing company and its ERP implementation project. A requirements engineering framework enhanced with business process modeling methods was applied and the results were evaluated using metrics for ERP implementation success. Data were collected using multiple sources of evidences, including interviews with various stakeholders, structured questionnaires, direct observations, vendors’ functionality papers and company’s documentation.

This study proves that the configuration of ERP’s reference models together with the adjustments of organization’s processes, provided through a structured requirements engineering framework can lead to reliable functional specifications, a smooth transition to an ERP system and, eventually, to successful ERP implementation, concerning its alignment with requirements.

A single case study is conducted in a typical manufacturing company, providing opportunities for further research in other industries, testing in parallel well-defined requirements and other success factors for ERP implementation.

The paper fulfils the identified needs for applied methodologies and frameworks for requirements engineering which can assist successful ERP implementations.

This paper aims to introduce the goal-oriented requirements extraction approach (GOREA). It is an elicitation approach that uses, specifically, healthcare business goals to derive the requirements of e-health system to be developed.

GOREA consists of two major phases: (1) modelling e-health business requirements phase and (2) modelling e-health information technology (IT) and systems requirements phase. The modelling e-health business requirements phase is divided into two main stages: (1) model e-health business strategy stage and (2) model e-health business environment stage. The modelling e-health IT and systems requirements phase illustrates the process of obtaining requirements of e-health system from the organizational goals that are determined in the previous phase. It consists of four main steps that deal with business goals of e-health system: (1) modelling e-health business process (BP) step; (2) modelling e-health business goals step; (3) analysing e-health business goals step; and (4) eliciting e-health system requirements step. A case study based on the basic operations and services in hospital emergency unit for checking patient against COVID-19 virus and taking its diagnostic testing has been set and used to examine the validity of the proposed approach by achieving the conformance of the developed system to the business goals.

The results indicate that (1) the proposed GOREA has a positive influence on the system implementation according to e-health business expectations; and (2) it can successfully fulfil the need of e-health business in order to save the citizens life by checking them against COVID-19 virus.

The proposed approach has some limitations. For example, it is only validated using one e-health business goal and thus it has to be authenticated with different e-health business goals in order to address different e-health problems.

Many e-health projects and innovations are not established based on robust system requirements engineering phase. In order to ensure the success delivery of e-health services, all characteristics of e-health systems and applications must be understood in terms of technological perspectives as well as the all system requirements.

There are differing views and results in the literature regarding whether the user’s participation has a positive or negative impact, if any, on the success of an information system (IS) project. The purpose of this paper is to develop a comprehensive model with four main hypotheses to test the relationships between seven constructs using survey data conducted in the USA.

The authors develop a structural equation model (SEM) with four constructs defining the activities the user participates in and three constructs defining user satisfaction as a measure of project success. As such, the proposed SEM is the most comprehensive among the models offered in the literature to date, and includes, for the first time, a presentation requirement construct as a specific system requirement for possible user participation.

The authors find that a business user’s participation in functional requirements benefits project outcome, whereas business users should not participate in gathering presentation requirements unless they are experienced middle managers.

This study surveyed many industries across the USA and provided a solid statistical base for analysis. Future research should consider exploring IS projects in other countries since various cultures can differ in how they approach to such projects. Additionally, industries are known to have dissimilar needs; therefore, a study exploring specific industries would add to the available research.

The authors find that when the general business user participates in certain activities that relate to presentation of the system, his/her involvement negatively impacts the project success. However, if that business user is a middle manager, he/she has a positive impact on the project success. Similarly, when the business user participates in managing the projects, that involvement negatively impacts the project outcome (although the amount of negative impact is relatively small). These results should have an influence on the way the IS project managers allocate business resources to activities, and their decisions regarding whether and where the business users participate.

The authors expect higher levels of business user satisfaction on IS projects if they are allocated to a limited subset of project activities that has a positive impact on project outcomes.

The authors believe these findings contribute to this research domain considerably since they are based on a large sample size on a new comprehensive model of business users that can be generalized across industries. The separation of business requirements into functional and presentation requirements has suggested that there are differing impacts to the project depending on the type of business user involved.

The purpose of the paper is to find out the knowledge requirements and its effect on both onsite and offshore project work division for development, re-engineering and maintenance projects in Indian outsourcing software industry in different phases of software development.

This study employs an expert interview approach in Indian software industry to find out knowledge requirement for project execution and division of work between onsite and offshore locations. The requisite data were collected through expert interviews and direct observations.

The study found that the development projects require higher level of domain, strategic, business process and operation process knowledge in comparison to re-engineering and maintenance projects. So there is a need of higher onsite presence in development projects. The maintenance work is taken up at the offshore location in a phase-wise manner.

The implication of the study is in the development of a broad framework of knowledge requirements and work division in on-shore and offshore locations for Indian software outsourcing projects. As the study is based on expert opinion in the context of India, it cannot be generalized for outsourcing scenarios elsewhere.

The software project manager can use the findings to get more insight into the project and divide the software team between onsite and offshore location.

The study is novel, as there is little attempt at finding the knowledge requirement to execute various kinds of business software development in outsourcing environment in the context of India.

The purpose of this paper is to identify information governance (IG) requirements in the context of dynamic business networking (BN).

For the identification of IG requirements a systematic literature review is conducted. The practical significance of identified IG requirements is evaluated through a case study.

A comprehensive list of IG requirements in dynamic BN is identified. These requirements are classified in information quality, information security, and metadata domains. The conducted case study demonstrates information exchange issues in a real world dynamic BN that reflects the practical significance of the identified IG requirements.

Exploiting emerging market opportunities through a dynamic BN necessitates the realization of a comprehensive IG program within the network. Otherwise, information exchange related risks can interrupt the operations in a BN. In this research the authors concentrate on interactions between parties within a BN. The interactions with customers for the co-creation of value are not addressed directly. Although the conducted case study reflects the practical significance of the identified IG requirements clearly, more empirical study is needed for prioritizing these IG requirements.

The governor of a BN needs to balance between the value obtained from dynamic networked interactions and the risk evolving from the dynamic inter-organizational information exchange.

The comprehensive list of IG requirements that are identified in this research can be used to develop an IG program that enables high quality and secure information exchange in a dynamic BN.

This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes to include unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisation manage sensitive data in non-production environments.

Authors conducted a thorough literature review on areas related to data leakage from non-production systems. By doing an analysis of advice, guidelines and frameworks that aims at finding a practical solution for selecting and implementing a de-identification solution of sensitive data, the authors managed to highlight the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed which was evaluated by conducting set of guided interviews.

This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation’s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section, they should be of interest to the business area that is responsible for the data held.

This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.